Microsoft, Linux vendors slow to fix flaw

Colin Percival detailed the vulnerability -- which affects versions of Intel's CPU that use a technology called hyper-threading -- at a conference on May 13.

The vulnerability could allow hackers to steal sensitive information such as passwords on servers configured to allow multiple users to log in simultaneously.

The FreeBSD security team member has received formal responses to the issue from the makers of the BSD family of open-source operating systems, as well as SCO and Ubuntu Linux. However, Linux vendors Red Hat, Novell and Mandriva as well as Microsoft have been slow to act.

"Given that I reported this problem in early March, I really think that they [Microsoft and Linux vendors] should have had a patch over a month ago -- in time to test it extensively before releasing it on May 13th," Percival told ZDNet Australia.

"I made it quite clear to everyone that I would be releasing my paper on that date and that they should make sure they were ready by then," he added.

Although the problem only affects multi-user servers, these machines are widely used. "The most obvious example is shared Web servers, which constitutes the vast majority of small e-commerce sites," he said. "On these systems the flaw is very serious."
